Google Chrome random number generator issue

Debugging War Stories

The weirdest thing happened. At least everyone thinks this way until they realize it was just a stupid bug somewhere. This time it was Google Chrome that stopped the show.

We have a small Google Chrome extension that generates an unique ID every time it gets installed. We want our server to be able to tell apart from different installations (and also be able to count them). So we want a unique GUID on each installation but we don't care if there is a duplicate ID one in a million.

We are using a general purpose JavaScript generating similar to this one. It basically calls Math.random 32 times in a row. JavaScript doesn't have a randomization seed function so we rely on the browser to initialize the seed for us at the time of first usage.

For months our application has been working as expected and our randomly generated GUIDs kept getting sent back to us.
Everything was going good in an extent that we had a nice little metrics graph implemented to show off for our growth.
Then it suddenly stopped one day. Our new installs went flat. Everything was suggesting we just got less installs but the graphs showed no visible decrease in site traffic or server load.

Turned out that Google Chrome random generator is too pseudo from what you'd expect. And after generating a few million rows in our DB the Google Chrome random generator started repeating itself.
We verified the issue by manually uninstalling and installing a few times and we got it into generating 3 subsequent random GUIDs. When we checked these GUIDs against our live database it turned out that 3 out of 3 generated GUIDS already exist in DB.
There must be a problem with it somewhere, right. A GUID is 32 byte long. How is it possible to have a duplicate 3 times in a row.
There must be some problem in randomization or the seed but Math.rand just kept generating same GUIDs on completely diffrent machines.
Hence our GUIDs got mixed up and we ended up having multiple installaions sharing the same GUID.

There is obviously a problem in Google Chrome random generator as it keeps generation same GUIDs over and over again. And after a couple of million entries it's quite probably that it will generate a duplicate GUID for you too. So watch out.
As a workaround we suggest using one of these better JavaScript random number generators.